Filename :
crud.php
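<?php
/**
 * POST handler for product, category and party create / update / delete actions.
 *
 * A branch is selected by the submit-button name present in $_POST and always
 * ends in a redirect back to the matching listing page. Every request value
 * reaches SQL as a bound parameter; nothing is interpolated into a query string.
 *
 * NOTE(review): no session, authorisation or CSRF-token check is visible in this
 * file. Confirm that config.php enforces them before any branch below can run;
 * otherwise these state-changing actions are reachable by any request.
 *
 * NOTE(review): image_upload() is defined outside this file. It must validate the
 * upload (type, extension, size) and choose the stored name itself; this file
 * only treats a strict `false` return as failure, as the category branch always did.
 */
require_once('config.php');

/** Read one POST field as a string; missing or array-valued fields become ''. */
$field = static function (string $key): string {
    $value = $_POST[$key] ?? '';

    return is_scalar($value) ? (string) $value : '';
};

/** Send a redirect and stop, so no later branch or output runs after it. */
$redirect = static function (string $target): void {
    header("Location: $target");
    exit;
};

/**
 * Run a write statement with bound parameters.
 *
 * Failures are written to the server log instead of being echoed: echoing the
 * driver error exposes schema details and also breaks the header() that follows.
 * Both mysqli error modes are handled (false return and mysqli_sql_exception).
 */
$execute = static function (string $sql, string $types, array $params) use ($conn): bool {
    try {
        $stmt = mysqli_prepare($conn, $sql);
        if ($stmt === false) {
            error_log('crud.php: prepare failed: ' . mysqli_error($conn));

            return false;
        }
        mysqli_stmt_bind_param($stmt, $types, ...$params);
        $ok = mysqli_stmt_execute($stmt);
        if (!$ok) {
            error_log('crud.php: execute failed: ' . mysqli_stmt_error($stmt));
        }
        mysqli_stmt_close($stmt);

        return $ok;
    } catch (mysqli_sql_exception $e) {
        error_log('crud.php: query failed: ' . $e->getMessage());

        return false;
    }
};

/** Fetch the stored image name for a row, or null when the row does not exist. */
$storedImage = static function (string $sql, int $id) use ($conn): ?string {
    try {
        $stmt = mysqli_prepare($conn, $sql);
        if ($stmt === false) {
            return null;
        }
        mysqli_stmt_bind_param($stmt, 'i', $id);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt, $image);
        $found = mysqli_stmt_fetch($stmt);
        mysqli_stmt_close($stmt);

        return ($found === true && $image !== null) ? (string) $image : null;
    } catch (mysqli_sql_exception $e) {
        error_log('crud.php: image lookup failed: ' . $e->getMessage());

        return null;
    }
};

/**
 * Delete an uploaded file, but only if it resolves to a regular file inside
 * uploads/. The name comes from the database, so it is re-checked here rather
 * than trusted: a stored value containing "../" must not reach unlink().
 */
$removeUpload = static function (?string $filename): void {
    if ($filename === null || $filename === '') {
        return;
    }
    $base = realpath('uploads');
    $target = realpath('uploads/' . $filename);
    if ($base === false || $target === false) {
        return;
    }
    if (strpos($target, $base . DIRECTORY_SEPARATOR) === 0 && is_file($target)) {
        unlink($target);
    }
};

/** Hand the "image" upload to image_upload(); false when no file was sent. */
$upload = static function () {
    if (!isset($_FILES['image'])) {
        return false;
    }

    return image_upload($_FILES['image']);
};

// ========================== Add ========================================

if (isset($_POST['add_product'])) {
    $imgpath = $upload();
    if ($imgpath === false) {
        $redirect('products.php?alert=add_failed');
    }

    // The placeholders follow the column list one-to-one. The earlier version
    // listed `party` before `description` and `shape` in the columns but not in
    // the values, so those three fields were stored in each other's columns.
    $saved = $execute(
        'INSERT INTO `products`
            (`name`, `image`, `category`, `summary_no`, `party`,
             `description`, `shape`, `color`, `clarity`, `comments`)
         VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)',
        'ssssssssss',
        [
            $field('name'),
            (string) $imgpath,
            $field('category'),
            $field('summary_no'),
            $field('party'),
            $field('description'),
            $field('shape'),
            $field('color'),
            $field('clarity'),
            $field('comments'),
        ]
    );

    $redirect($saved ? 'products.php?success=added' : 'products.php?alert=add_failed');
}

if (isset($_POST['add_category'])) {
    $imgpath = $upload();
    if ($imgpath === false) {
        $redirect('category.php?alert=image_upload_failed');
    }

    $saved = $execute(
        'INSERT INTO `category` (`category_name`, `image`, `status`) VALUES (?, ?, ?)',
        'sss',
        [$field('category_name'), (string) $imgpath, $field('status')]
    );

    $redirect($saved ? 'category.php?success=added' : 'category.php?alert=add_failed');
}

// ========================== Delete =====================================

if (isset($_POST['delete_category'])) {
    $id = (int) $field('id');
    // Look the image up before the row disappears; remove the file only after
    // the row was actually deleted.
    $filename = $storedImage('SELECT `image` FROM `category` WHERE `id` = ?', $id);

    if ($execute('DELETE FROM `category` WHERE `id` = ?', 'i', [$id])) {
        $removeUpload($filename);
        $redirect('category.php');
    }
    $redirect('category.php?alert=delete_failed');
}

if (isset($_POST['delete_product'])) {
    $id = (int) $field('id');
    $filename = $storedImage('SELECT `image` FROM `products` WHERE `id` = ?', $id);

    if ($execute('DELETE FROM `products` WHERE `id` = ?', 'i', [$id])) {
        $removeUpload($filename);
        $redirect('products.php');
    }
    $redirect('products.php?alert=delete_failed');
}

if (isset($_POST['delete_party'])) {
    $id = (int) $field('id');

    $deleted = $execute('DELETE FROM `party` WHERE `id` = ?', 'i', [$id]);
    $redirect($deleted ? 'parties.php?alert=delete_success' : 'parties.php?alert=delete_failed');
}

// ========================== Edit =======================================

if (isset($_POST['edit_product'])) {
    // The id used to be placed unquoted after WHERE `id` =, where string
    // escaping gives no protection. It is now cast and bound as an integer.
    $id = (int) $field('id');

    $columns = ['`name` = ?'];
    $types = 's';
    $params = [$field('name')];

    // Replace the image only when a new file was sent; otherwise keep the old one.
    if (!empty($_FILES['image']['name'])) {
        $imgpath = $upload();
        if ($imgpath === false) {
            $redirect('products.php?alert=update_failed');
        }
        $columns[] = '`image` = ?';
        $types .= 's';
        $params[] = (string) $imgpath;
    }

    foreach (['category', 'summary_no', 'description', 'shape', 'party', 'color', 'clarity', 'comments'] as $column) {
        // Column names come from this fixed list, never from the request.
        $columns[] = "`$column` = ?";
        $types .= 's';
        $params[] = $field($column);
    }

    $types .= 'i';
    $params[] = $id;

    $updated = $execute(
        'UPDATE `products` SET ' . implode(', ', $columns) . ' WHERE `id` = ?',
        $types,
        $params
    );

    $redirect($updated ? 'products.php?success=updated' : 'products.php?alert=update_failed');
}
?>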